Known Vulnerabilities for products from Pivotal Software
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Pivotal Software".
These CVEs are retrieved by exact match on listed vendor information (CPE data) and by keyword search, so that the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-22950 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.5 - MEDIUM | 2022-04-01 | 2022-06-22 |
| CVE-2021-26987 | Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are suscep... | 9.8 - CRITICAL | 2021-03-15 | 2022-04-07 |
| CVE-2021-22118 | In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to... | 7.8 - HIGH | 2021-05-27 | 2022-10-25 |
| CVE-2021-22112 | Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versi... | 8.8 - HIGH | 2021-02-23 | 2023-11-07 |
| CVE-2020-5421 | In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, t... | 6.5 - MEDIUM | 2020-09-19 | 2023-11-07 |
| CVE-2020-5419 | RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for... | 6.7 - MEDIUM | 2020-08-31 | 2022-03-17 |
| CVE-2020-5415 | Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity... | 10 - CRITICAL | 2020-08-12 | 2020-08-19 |
| CVE-2020-5411 | When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code... | 8.1 - HIGH | 2020-06-11 | 2020-08-07 |
| CVE-2020-5409 | Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthent... | 6.1 - MEDIUM | 2020-05-14 | 2020-05-15 |
| CVE-2020-5408 | Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x p... | 6.5 - MEDIUM | 2020-05-14 | 2021-06-14 |
| CVE-2020-5407 | Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML... | 8.8 - HIGH | 2020-05-13 | 2023-11-07 |
| CVE-2020-5399 | Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A ... | 7.4 - HIGH | 2020-02-12 | 2020-02-27 |
| CVE-2020-5398 | In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an ap... | 7.5 - HIGH | 2020-01-17 | 2023-11-07 |
| CVE-2020-5397 | Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Sp... | 5.3 - MEDIUM | 2020-01-17 | 2022-07-25 |
| CVE-2019-11292 | Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, ... | 6.5 - MEDIUM | 2020-01-09 | 2023-11-07 |
| CVE-2019-11291 | Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior ... | 4.8 - MEDIUM | 2019-11-22 | 2022-07-01 |
| CVE-2019-11287 | Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions... | 7.5 - HIGH | 2019-11-23 | 2023-11-07 |
| CVE-2019-11283 | Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user wit... | 8.8 - HIGH | 2019-10-23 | 2021-08-17 |
| CVE-2019-11282 | Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote auth... | 4.3 - MEDIUM | 2019-10-23 | 2021-08-17 |
| CVE-2019-11281 | Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to... | 4.8 - MEDIUM | 2019-10-16 | 2023-11-07 |
Known software with vulnerabilities from Pivotal Software
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Pivotal Software | Application Service | 2.0.0 |
| Application | Pivotal Software | Bosh Cli | 0.0.50 |
| Application | Pivotal Software | Cloud Foundry | 241 |
| Application | Pivotal Software | Cloud Foundry Cf-deployment | 0.0.0 |
| Application | Pivotal Software | Cloud Foundry Cf-release | 68 |
| Application | Pivotal Software | Cloud Foundry Diego | 0.1014.0 |
| Application | Pivotal Software | Cloud Foundry Elastic Runtime | 1.6.0 |
| Application | Pivotal Software | Cloud Foundry Ops Manager | 1.7.0 |
| Application | Pivotal Software | Cloud Foundry Php Buildpack | 1.7.0 |
| Application | Pivotal Software | Cloud Foundry Smb Volume | - |
| Application | Pivotal Software | Cloud Foundry Uaa | 1.0.0 |
| Application | Pivotal Software | Cloud Foundry Uaa Bosh | 12.3 |
| Application | Pivotal Software | Cloud Foundry Uaa-release | 2 |
| Application | Pivotal Software | Cloudfoundry Uaa | 2.3.0 |
| Application | Pivotal Software | Cloudfoundry Uaa Release | 2 |
| Application | Pivotal Software | Concourse | 0.1.0 |
| Application | Pivotal Software | Credhub Service Broker | 1.0.0 |
| Application | Pivotal Software | Credhub-release | 0.1.0 |
| Application | Pivotal Software | Gemfire | 1.0.0.0 |
| Application | Pivotal Software | Greenplum Command Center | 1.2.2 |